CPP: TypeMention only covers mentions of user-defined types #13214

Open
ghost opened this issue May 17, 2023 · 0 comments
Labels
question Further information is requested

Built-in types, and derived types that have a built-in type as the base type, do not have any associated TypeMentions. It seems that only user-defined types are mentioned by TypeMention. As far as I can see, this behaviour is not documented anywhere.

This is a problem when running queries where TypeMention is expected to cover all types, such as the macro annotation queries in #8497 (for the Linux kernel __user macro).

To demonstrate:

typementions.ql

import cpp

from TypeMention tm
select tm

mentionedtypes.ql

import cpp

from TypeMention tm, Type t
where tm.getMentionedType() = t
select t.explain()

test.cpp

typedef unsigned long ulong;

class c0 { bool f0; char f1; short f2; int f3; long f4; ulong f5; };
struct s0 { bool f0; float f1; double f2; c0 f3; c0 *f4; };

enum e0 { v0, v1, v2 };

char  a;
ulong b;
e0    c;
float d[2];
ulong e[2];

void fn(
  bool  , char  , short  , int  , long  , float  , double  ,
  bool *, char *, short *, int *, long *, float *, double *,
  bool &, char &, short &, int &, long &, float &, double &,
  bool[], char[], short[], int[], long[], float[], double[],

  void *, void **, void ***,

  ulong  , struct s0  , e0  , c0  ,
  ulong *, struct s0 *, e0 *, c0 *,
  ulong &, struct s0 &, e0 &, c0 &,

  void (*)(void),
  ulong(*)(struct s0),

  decltype(nullptr),
  decltype(a),
  decltype(b)
);

qlpack.yml

extractor: cpp
dependencies:
    codeql/cpp-queries: "*"

Output:

$ codeql test run .
Executing 2 tests in 1 directories.
Extracting test database in /home/user/tmp/qltest.
Compiling queries in /home/user/tmp/qltest.
Compiled /home/user/tmp/qltest/typementions.ql (446ms).
Compiled /home/user/tmp/qltest/mentionedtypes.ql (80ms).
Executing tests in /home/user/tmp/qltest.
Cannot find typementions.expected file.
--- expected
+++ actual
@@ -1,1 +1,20 @@
-
+| test.cpp:3:57:3:61 | type mention |
+| test.cpp:4:43:4:44 | type mention |
+| test.cpp:4:50:4:51 | type mention |
+| test.cpp:9:1:9:5 | type mention |
+| test.cpp:10:1:10:2 | type mention |
+| test.cpp:12:1:12:5 | type mention |
+| test.cpp:22:3:22:7 | type mention |
+| test.cpp:22:19:22:20 | type mention |
+| test.cpp:22:25:22:26 | type mention |
+| test.cpp:22:31:22:32 | type mention |
+| test.cpp:23:3:23:7 | type mention |
+| test.cpp:23:19:23:20 | type mention |
+| test.cpp:23:25:23:26 | type mention |
+| test.cpp:23:31:23:32 | type mention |
+| test.cpp:24:3:24:7 | type mention |
+| test.cpp:24:19:24:20 | type mention |
+| test.cpp:24:25:24:26 | type mention |
+| test.cpp:24:31:24:32 | type mention |
+| test.cpp:27:3:27:7 | type mention |
+| test.cpp:27:19:27:20 | type mention |
[1/2 comp 446ms eval 161ms] FAILED(RESULT) /home/user/tmp/qltest/typementions.ql
Cannot find mentionedtypes.expected file.
--- expected
+++ actual
@@ -1,1 +1,4 @@
-
+| class c0 |
+| enum e0 |
+| struct s0 |
+| typedef {unsigned long} as "ulong" |
[2/2 comp 80ms eval 34ms] FAILED(RESULT) /home/user/tmp/qltest/mentionedtypes.ql
0 tests passed; 2 tests failed:
  FAILED: /home/user/tmp/qltest/typementions.ql
  FAILED: /home/user/tmp/qltest/mentionedtypes.ql

The root cause appears to be in the extractor, as the trap file doesn't contain any type_mentions that aren't also queryable as TypeMention:

$ brotli -d < $(find -name *.tar.br) | tar -xO --wildcards */test.cpp.*.trap | grep type_mentions | tee >(wc -l)
type_mentions(#102, #103, #loc_100_27_19_27_20, 4)
type_mentions(#104, #105, #loc_100_27_3_27_7, 4)
type_mentions(#107, #108, #loc_100_24_31_24_32, 4)
type_mentions(#109, #10a, #loc_100_24_25_24_26, 4)
type_mentions(#10b, #103, #loc_100_24_19_24_20, 4)
type_mentions(#10c, #105, #loc_100_24_3_24_7, 4)
type_mentions(#10d, #108, #loc_100_23_31_23_32, 4)
type_mentions(#10e, #10a, #loc_100_23_25_23_26, 4)
type_mentions(#10f, #103, #loc_100_23_19_23_20, 4)
type_mentions(#110, #105, #loc_100_23_3_23_7, 4)
type_mentions(#111, #108, #loc_100_22_31_22_32, 4)
type_mentions(#112, #10a, #loc_100_22_25_22_26, 4)
type_mentions(#113, #103, #loc_100_22_19_22_20, 4)
type_mentions(#114, #105, #loc_100_22_3_22_7, 4)
type_mentions(#115, #105, #loc_100_12_1_12_5, 4)
type_mentions(#116, #10a, #loc_100_10_1_10_2, 4)
type_mentions(#117, #105, #loc_100_9_1_9_5, 4)
type_mentions(#118, #108, #loc_100_4_50_4_51, 4)
type_mentions(#119, #108, #loc_100_4_43_4_44, 4)
type_mentions(#11a, #105, #loc_100_3_57_3_61, 4)
20
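
Added example (not part of the original post and not CodeQL project code): a Python cross-check that slices the source at each `type_mentions` location to see which tokens the extractor recorded and which built-in type keywords it skipped. It samples lines 3, 4, 22 and 27 of test.cpp and assumes the location label layout `#loc_<file>_<line>_<col>_<endLine>_<endCol>`, inferred from the matching rows in the test output; the function names are made up for this example.

```python
import re
from collections import defaultdict
# Lines 3, 4, 22 and 27 of the issue's test.cpp, keyed by 1-based line number.
SOURCE = {
    3: "class c0 { bool f0; char f1; short f2; int f3; long f4; ulong f5; };",
    4: "struct s0 { bool f0; float f1; double f2; c0 f3; c0 *f4; };",
    22: "  ulong  , struct s0  , e0  , c0  ,",
    27: "  ulong(*)(struct s0),",
}
# The type_mentions tuples for those four lines, copied from the trap dump.
TRAP = """\
type_mentions(#102, #103, #loc_100_27_19_27_20, 4)
type_mentions(#104, #105, #loc_100_27_3_27_7, 4)
type_mentions(#111, #108, #loc_100_22_31_22_32, 4)
type_mentions(#112, #10a, #loc_100_22_25_22_26, 4)
type_mentions(#113, #103, #loc_100_22_19_22_20, 4)
type_mentions(#114, #105, #loc_100_22_3_22_7, 4)
type_mentions(#118, #108, #loc_100_4_50_4_51, 4)
type_mentions(#119, #108, #loc_100_4_43_4_44, 4)
type_mentions(#11a, #105, #loc_100_3_57_3_61, 4)
"""
# Assumption: labels read #loc_<file>_<line>_<col>_<endLine>_<endCol>, 1-based.
TUPLE = re.compile(r"type_mentions\(#\w+, (#\w+), #loc_\d+_(\d+)_(\d+)_(\d+)_(\d+),")
BUILTIN = re.compile(r"\b(bool|char|short|int|long|float|double)\b")

def parse(trap_text):
    """Yield (type_id, line, start_col, end_col) for single-line mentions."""
    for m in TUPLE.finditer(trap_text):
        line, start, end_line, end = map(int, m.groups()[1:])
        if line == end_line:
            yield m.group(1), line, start, end

def tokens_by_type(trap_text, source):
    """Map each mentioned type id to the source tokens its mentions cover."""
    seen = defaultdict(set)
    for type_id, line, start, end in parse(trap_text):
        if line in source:
            seen[type_id].add(source[line][start - 1:end])
    return dict(seen)

def uncovered_builtins(trap_text, source):
    """List (line, col, keyword) for built-in type names no mention starts at."""
    starts = {(line, start) for _, line, start, _ in parse(trap_text)}
    return [(line, m.start() + 1, m.group())
            for line, text in sorted(source.items())
            for m in BUILTIN.finditer(text)
            if (line, m.start() + 1) not in starts]

if __name__ == "__main__":
    print(tokens_by_type(TRAP, SOURCE), uncovered_builtins(TRAP, SOURCE))
```

On this sample each of the four type ids resolves to exactly one user-defined name, and every built-in keyword on lines 3 and 4 is left without a tuple.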